Chapter 9. Securing a BPEL Process
In an enterprise environment, BPEL services usually serve either mission-critical or business-critical business processes. These BPEL services exchange sensitive information with multiple composite applications, enterprise systems, and external service providers as a service consumer or provider. That is why it is critical to ensure that only authorized users have access to BPEL services and that communication is kept private. It is an industry-leading practice to implement a separate vertical layer for securing BPEL processes, commonly known as the security layer. The implementation of the security controls needs to provide defense in depth and should be capable of delivering the basic principles of information security for web services, which are as follows:
Confidentiality: Data is readable by authorized systems and users only.
Integrity: Data exchanged between service consumers and providers is not tampered with. In other words, data is not modified, unauthorized...